Extent of Latest Hospital Hack Unknown

Muhlenberg Community Hospital in Greenville, Ky., has suffered a hacking attack from malware that may have been put in place as far back as 2012.

The hospital has not publicly disclosed the size of the attack, but the incident soon should be posted on the HHS Office for Civil Rights website of major breaches of protected health information. Affected individuals are being offered one year of identity protection services.

The hospital on September 16, 2015, learned from the Federal Bureau of Investigation “of suspicious activity involving third parties,” according to a public announcement. Following internal and forensic investigations, “we have confirmed that a limited number of computers were infected with a keystroke logger designed to capture and transmit data as it was entered onto the affected computers.”

The computers were used to enter a wide range of financial and healthcare information including demographics, payment card account numbers and expiration dates, Social Security numbers, license or state identification numbers, insurance information, medical record numbers, diagnoses and treatments, and national provider identifiers. The hospital believes “that the malware could have captured username and password information for accounts or websites that were accessed by employees, contractors or providers using the affected terminals.”

There is no indication yet that data has been used inappropriately, according to the hospital, which declined to answer additional questions about the incident.